CVE-2025-6995

EPSS 0.09%
Veröffentlicht 08.07.2025 14:45:44
Zuletzt bearbeitet 11.07.2025 17:24:28
Quelle 3c1d8aa1-5a33-4ea4-8992-aadd64
CVE-Watchlists
Login
Unerledigt
Login

Improper Encryption in Ivanti Endpoint Manager

Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 13 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ivanti ≫ Endpoint Manager Version < 2022

Ivanti ≫ Endpoint Manager Version2022 Update-

Ivanti ≫ Endpoint Manager Version2022 Updatesu1

Ivanti ≫ Endpoint Manager Version2022 Updatesu2

Ivanti ≫ Endpoint Manager Version2022 Updatesu3

Ivanti ≫ Endpoint Manager Version2022 Updatesu4

Ivanti ≫ Endpoint Manager Version2022 Updatesu5

Ivanti ≫ Endpoint Manager Version2022 Updatesu6

Ivanti ≫ Endpoint Manager Version2022 Updatesu7

Ivanti ≫ Endpoint Manager Version2022 Updatesu8

Ivanti ≫ Endpoint Manager Version2024 Update-

Ivanti ≫ Endpoint Manager Version2024 Updatesu1

Ivanti ≫ Endpoint Manager Version2024 Updatesu2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.26

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
3c1d8aa1-5a33-4ea4-8992-aadd6440af75	8.4	2	5.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

CWE-257 Storing Passwords in a Recoverable Format

The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.

https://forums.ivanti.com/s/article/Security-Advisory-July-2025-for-Ivanti-EPM-2024-SU2-and-EPM-2022-SU8

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-6995

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-6995

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-6995

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-6995